Purpose of study
change questions
List the data resources
revise all changes to be done
Running Head: INSERT SHORTENED TITLE OF DISSERTATION STUDY
Insert Title of Your Study Here
Insert Name
Dissertation Proposal for IRB Approval
Judson University
Table of Contents
3
Introduction
3
3
Significance of study 4
Theoretical Foundations 5
Researcher’s Positionality 8
Purpose of Study 9
10
10
A. Cyber Security 10
B. Threats 11
C. Business Data 11
11
11
F. Authentication 11
G. Data Encryption 11
H. Hacker 11
I. Incident response plan 12
Summary and Organization of the Remainder of Study 12
Chapter 1 12
Chapter 2 12
Chapter 3 12
CHAPTER 2 LITERATURE REVIEW 13
Introduction 13
CHAPTER 3 18
Methodology
19
20
Study Population 22
23
23
23
24
Data Analysis and Procedures 24
Limitations in data collection and analysis 24
26
Trustworthiness of Study 28
29
CHAPTER 4 30
Results 30
CHAPTER 5 31
Conclusion 31
References 33
CHAPTER 1
Organizations are facing an increase in challenges with the rapid increase of security threats and attacks with the advancement of technology. Internet users are prey to cybercriminals who release malicious malware and links. Personal information found on different media streams also makes it easy for cybercriminals to target their prey. Cyber security is a term sitting in the center of many minds as malicious attacks damage continuously corporations and companies. Cyber attacks not only destroy the corporate bottom lines but also . Comment by Ms Onayemi: Any time you have a “not only. . . ” statement, it must be followed with a “but also. . .”
Cyber threats negatively impact all businesses that use modern technology (Hinde, 2001). Cyber-attacks come through phishing, malware, spear-phishing, brute force, credential stuffing, ransomware, and so on. Some of these threats include social engineering, third-party software, vulnerabilities due to cloud computing, and challenges in handling corporate security. Some organizations struggle still to treat cyber security as a business end, bottom-line financial threat. Comment by Ms Onayemi: Cite this and give examples. Is this the problem statement you are starting to craft?
The first chapter of this paper is the introduction, which includes the background, problem statement, significance of the selected topic, conceptual framework, research questions, and the purpose of this study. The second chapter offers the literature review of the topic. The third chapter explains the methodology, and the final chapter provides the research paper’s summary and conclusion. Comment by Ms Onayemi: This should be moved to the end of this chapter to set up for the following chapters. I would move this whole paragraph.
Background.
We live in a digital era that has seen a change in the way certain things are done. Changes have come about in the way we watch movies, apartment rent, buy clothes, book flights, learn, research, communicate, and e-commerce. Most of the things needed are just but a click away, brought about by the internet and electronic media. Comment by Ms Onayemi: This seems like it should be your introduction, and what you have as introduction should be background.
Due to the growth of the use of technology, innumerable incidents of security breaches, fraud, malicious attacks have become rampant. For the safety of all internet users, there is a need for cybersecurity. Cybersecurity is deemed to protect one from criminals, fraudsters, hackers, and anybody with the intent of harm either financially, mentally, or theft of data online. If one is not cautious enough, fraudsters hack and obtain personal information or data of organizations for personal gain.
.Problem Statement Comment by Ms Onayemi: Remove .
Every business organization aims to successfully conduct its business by achieving all its business goals and objectives without facing any disturbances. This is mainly because many organizations are not aware of analyzing the cyber-attacks or threats effectively and successfully. So, to get awareness, every business organization must have the potential knowledge about the cause of the various cyber-attacks and threats. /Are you saying that organizations require knowledge of attack-deterring technology? Comment by Ms Onayemi: Problem statement to set up for your study is unclear and needs significant revision. Comment by Ms Onayemi: Remove this question. Doesn’t flow with your ideas.
Our dependency on the internet has become immense. It is wrong to assume one’s safety in the sense that only big organizations are more susceptible to hackers. A normal consumer connected to the internet if not vigilant enough is at the risk of getting trapped easily. Cyber infiltrators have developed many ways of hacking into systems. In this day and era, cyber security helps maintain order, and keep the internet safe for users. The current digital era has influenced change in the ways we buy things, bills get paid, watch movies, how people pay mortgages, and rent houses just to mention but a few. Incidents of security breaches are widely reported as well as fraud, malicious cyber-attacks, fraud, hacking, cyber-bullying making it necessary for the need of cyber security. Comment by Ms Onayemi: Move this to the background information section above.
The significance of the study needs to be clear about how your dissertation research study will contribute to the scholarly field.
People globally are connected through a connection of devices resulting from the fast development of technology. With the emergence of the dark web, cybercrime activities have been on the rise. Criminals compromise computers and obtain personal data and information illegally as most people are universally reliant on information and communication technology. Cyber security minimizes your exposure to threats and helps one stand a chance against these threats. Comment by Ms Onayemi: Move this paragraph to background information as well.
Cybersecurity means protecting and securing programs, networks, data, and other confidential information from unattended or unauthorized access, change, or destruction. China and the U.S, India have more internet users in the current world. The rise of modern technologies mainly ranges from Big Data and IoT to machine learning and artificial intelligence. Based on that, technology has transformed how all organizations evolve, compete, and operate. combine these two sentences to make a point of some Strategically deployed, competitive technology help businesses enjoy better control of their cyber safety and profitability Comment by Ms Onayemi: This whole section is more background information. Condense your ideas and make the ideas very clear for your reader in the background.
We will work on building a stronger theoretical/conceptual framework during one of our other meetings.
The changing nature of every digital environment keeps hackers increasingly aggressive with more dangerous tools and larger attack surfaces. Many vulnerable endpoints of artificial intelligence can operate employee credentials from the networks related to the Internet of Things. Additionally, the evolution of every workplace technology improves the refinement of cyberattacks. The increase of companies will be proportional to the increase in data breaches stakes. Economic cybercrime can destabilize the economy of the country, transaction systems, and banking security through credit or debit and financial theft. All these cyber-attacks are almost connected to devices, and they can be an accessible medium for spreading viruses. One of the common attacks is a denial of service. It is a problem that attempts to make a network resource or machine unavailable to various intended users. It can easily suspect different services connected to the network that may be permanent or temporary. So, hindering the other operations of a service or website through data destruction and alterations will be helpful to avoid attacks. The current situations of harming someone’s reputation, inferring a fake identity, and threatening email can lead to mental challenges for those people. Moreover, misusing social media advantages can also create tolerances to provoke riots. Comment by Ms Onayemi: Your ideas are all over the place. Your writing needs to logically build the claims you are making with reference citations as needed.
As business companies become more reliant on the digital world, their exposure to cyber-attacks or threats also increases. It certainly does not imply that all organizations go for critical investments. If they did, then their potential surface should be aware of dangers and issues. The specific environment of the IoT networks can boost reliance on the particular cloud, and its problems are internally linked to how companies operate in the present business. For instance, IoT networks mainly functioned by way of hundred connected network devices distributed across the office building, supply chain, and most importantly, workspace. These devices can be connected to the WAN, and cyber attackers can easily manage them to compromise an individual’s assets to breach the rest of the organization’s network.
Relating to that, investing more could increase the company’s risks in processing and storing proprietary offsite data. Generally, the expansion of this cloud computing can also enable many benefits that include cost savings and greater organizational flexibility. It relies on different clouds such as hybrid, private, or public that primarily require a detailed protocol for cybersecurity. Some providers come under the third party because they may or may not be responsible for cloud security. So, cloud computing and IoT networks are not alone in relating to many companies because they are the only new range for the issues in cybersecurity. Artificial Intelligence, Machine learning, DevOps, Blockchain, and other emerging technologies will take a better interest in digital environment security. However, these technologies should reap many advantages of modern technologies in mitigating cybersecurity issues.
The development of modern capabilities and platforms leads to many competitive organizations’ critical vulnerabilities. Managed service providers must analyze what tactics cybercriminals will use to benefit the unprotected and unprepared organizations. Ransomware, DDoS attacks, and Botnets are some types of digital weapons that cyber attackers will use to compromise confidential information and breach networks. Even though many strategies exist, the latest wave in the innovative workplace is increasing the specific environment of cloud computing, and IoT networks make these attacks more accessible and more devastating.
Preventing a system and the breach of its network requires adequate protection against various cyber threats and cyberattacks. The proper countermeasures should be used or deployed to deter it from influencing a weakness or vulnerability for every incident. The first-line defenders in an organization should focus on implementing and assessing adequate security controls. Then some of the best ways to prevent cyber threats or issues will include anti-malware software, installing spam filters, implementing security awareness training, expanding cybersecurity policies, installing endpoint response & detection, and deploying better generation firewalls. For better measures, businesses should also utilize various cybersecurity measures to maintain their cash flow, business data, and customer data safely online.
Due to all these high internet penetrations and cyber threats or issues, cybersecurity technology is becoming the world’s most significant necessity because the threats and cybersecurity issues are too dangerous to the country’s security and successful business organizations. For this security, the companies, governments, and citizens must spread awareness in society to update better network security to the system settings to properly utilize the antivirus software so that every network and system security settings will stay malware and virus free.
The internet in many ways has vastly helped the way people go about their daily livelihoods and communicate. Nations, individuals, companies, and organizations are intertwined as different avenues for businesses are introduced, and governing through various platforms by the government is made easier. Despite the positives and the endless list of services and opportunities available, many risks emerge most of which are not known to the consumer. Comment by Ms Onayemi: This is MORE background knowledge. Much of what you have written is necessary and appropriate for this first chapter. I think some sub-headings for the background information section will help you to organize your ideas.
You can omit “researcher’s positionality” as a section for this proposal for now. You will develop this section when you write your final chapter 1 in your final dissertation.
Companies suffer losses of millions as most of the company’s data is stored online which in itself is a vulnerability to cyber hacks and thieves. Cyber security cost is high when dealing with cyber thieves, costs which sometimes trickle down to compensation to consumers or losing money to cyber-crime. The safety of many businesses is not guaranteed more so companies in the sectors concerned with technology, financial services, energy, and manufacturing. Firms incur extra costs in trying to manage cybercrimes ranging from cyber security technology expertise, public relations support, ransomware, and insurance premiums. Further, companies are hit with indirect costs from cyberattacks such as interruptions in normal operations which decreases output and results in revenue loss which may in some instances lead to damage to a company’s reputation.
Anybody and any business are a potential target of a cyber-attack. Criminals identify with key assets of interest to them from which they can exploit. Exploits range from financial information, personal information of staff and customers, or the infrastructure of the business. Once one understands why cyberattacks happen, one understands better the risk one faces and how best to go about it. Mostly, cyber-attacks are propagated for financial gain but others are influenced by other reasons. Cyber attackers may either be from the inside or the outside of an organization. Insiders mostly have remote access to the organization and its assets a good example being that of employees either trusted, careless, disgruntled, or malicious insiders.
Cyber security is important as having a robust security solution is deemed essential. The risks cannot be simply ignored as there are too many threats out there that could cost one his livelihood making prevention key. Training of staff is essential as employees are aware of the most common ways cybercriminals use to access information. Updating software and systems help minimize weaknesses in one’s network. Patch management systems are a wise investment where the software is managed and kept up to date. For remotely bridged devices, endpoint protection is recommended for the protection of networks. Phones, tablets, and laptops which are connected to the corporate network often give access paths to security with the protection of specific endpoint protection software. Firewalls are also one of the most effective ways of defense from cyber-attacks. Brute force attacks are protected by the firewall before they cause any irreversible damage
In the last decade, the significance and attention towards cybersecurity have increased due to various cyber threats and attacks. The primary purpose of this study is to conduct a significant and practical analysis of cybersecurity issues, attacks, and threats. Thus, the most valuable information is provided by selecting the practical conceptual framework to make the research successful by fulfilling all the research objectives and goals. Every business organization aims to expand its business successfully worldwide by increasing its business reputation and brand value. However, this cannot be achieved when there is any cause of the cyber threats and attacks within the organization, leading to a decrease in their business reputation within the global market, and it will not be easy to expand their business successfully. To avoid this, organizations need to have the potential knowledge about the various cyber-attacks, threats, and issues that result in their business failure. Therefore, this proposal seeks to discuss key aspects to obtain practical analysis related to the various cyber-attacks and threats. First, the significance of cybersecurity is provided, then the different types of cyber-attacks and threats, effects, significant reasons for these cyber-attacks and threats; finally, the measures that the business organizations can adopt to reduce the occurrence of these cube attacks and threats to the maximum extent. Comment by Ms Onayemi: The primary purpose of this study is for the researcher to gain a deeper understanding of mixed-methods research.
Research Questions
● What role does cybersecurity play in today’s world? Comment by Ms Onayemi: Avoid asking “what” questions. These questions are way too broad and general for you to design any kind of credible doctoral study around. Your first step of revision work will be to refine your research questions and determine which methods will provide sufficient data for you to answer the questions you have posed.
Some options:
How do business leaders view the relationship between social networking and digital safety within the organization?
Survey 75-100 “experts” on cyber-security
2 organizations as a case study (purposeful sample from survey data or random sample)
One on One Interviews with 5 “experts”
Focus group scenario (discourse analysis)
How do cyber-security measures get implemented within an organization and how do stakeholders at all levels engage in that process?
The methods you are considering need to be a match with the questions you are proposing. These are the questions that you must collect data to answer.
● What are the effects that business organizations face due to cyber-attacks and threats?
● What are the primary reasons that cause these attacks and threats within the organizations?
● What measures can business organizations adopt to reduce these cyber-attacks and threats?
Definition of the Terms
The key terms in this field are cybersecurity, threats, data, attacks, firewall, authentication, encryption, hacker, etc. Apart from these consistent and most common factors, there are still many major ones for the current study.
Cybersecurity is defined as protection, which ensures security for computer systems from cyber-attacks. It is considered a required field in managing security aspects in the business. Therefore, most companies tend to use cybersecurity principles in business activities for development methodologies.
Threats are referred to as the faults or damaged actions that attacked business companies. It can either be internal or external ones where internal ones would occur because of its employees.
Data in business companies are powerful instinct that regulates work concerns. It is the most critical asset in making business activities get executed successfully.
D. Attacks
Attacks in the business are known as the preceding view of threats where both seem to be the general cause of damage exemption in the workplace.
E. Firewall
A firewall is system software that works with the idea of protection. A firewall is an intermediary system between the internet and the user’s computer. It works as a protective interface that helps the business world to address security concerns and provide security.
Authentication is a security factor that every organization prefers to ensure customer segmentation for business security. This would check in all the perceptions and work for the business benefits.
It is the process through which data changes its form from one point to another through which the visibility of the data and the integrity can be ensured positively.
Hacker is a person who can be referred to in two ways, one is positive and the other negative. This means that the positive one would help work for the insights caused in the business systems. However, at the same time, the negative ones use knowledge to hack other systems and imply fraud actions.
An incident response plan in the business is referred to as the pre-existing plan to be maintained by companies to work with technical and network security issues. This helps in working with unfortunate incidents and balances the business conditions.
These are the various terms used in regulating the business modules to be secured by implying the cybersecurity issues in being proactive in the organizational views.
This section of the current view summarizes the concept used and the mentioned insights as per the assignment. This includes various headers used in completing the assignment and their contribution towards the successful end of the procedures.
Chapter 1 makes a compelling case is made of the problem under investigation, the purpose of this study, and the research questions to be investigated. Where applicable, the theoretical or conceptual framework upon which the dissertation is based should also be introduced. The significance, the purpose of the view taken, the study presented for the topic, the definition of each term used in the contextual understanding of the dissertation are also looked at.
Chapter 2 deals with a review of literature where summaries of what is known, and what is unknown are identified about the topic of the dissertation study. The chapter serves as the foundation on which the study is built. Major findings and relevant methodological issues are included. Relevant examples of research that report findings that do not support the case being made for the dissertation should also be included. Literature review
Chapter 3 reviews the methodology used. The design of the research is described in detail in this chapter paving a clear understanding for the readers of how the study is conducted and helping future researchers be made aware of what procedures to follow should they want to replicate this study.
LITERATURE REVIEW
The first computer worm came about in the year 1988. A student at Cornell University created a string of code that spread from one computer to the next leading to the consumption of memory and later shut down. Approximation by the security officers was that the worm knocked down 10 percent of the internet despite no harm being intended by the offender causing thousands of dollars in damages. Programmers from Berkley and Prude eventually came up with solutions to stop the worm. The perpetrator was convicted under the Computer Fraud and Abuse Act later on sentenced to three years in prison with a probation of 400 hours of community service and a US$10000 fine. The cyber threat landscape has considerably changed since then.
Jaccard & Nepal (2014) argue that cyber-attacks have resulted from the vast growth of the interconnections of the internet. Malicious intents carried out by malware are the primary means by which attacks are instigated through cyberspace, either by the exploitation of the vulnerabilities that emerge propelled by the different characteristics of the different technologies. It’s an urgent requirement for the development of more effective and more. so innovative mechanisms for the defense mechanisms are deemed urgent in the cybersecurity community. With the increase in dependency on technology, cyber attacks have grown in numbers. The economy and critical infrastructures such as hospitals financial institutions all depend on the internet and computer networks. Companies suffer the most with the time lost by companies in recovering from these attacks when counted estimated the total cost of cyber attacks reaches a staggering $385 billion.
Cyber attacks are rampant as they are convenient, cheaper, and contain less risk than physical attacks. Only a few expenses beyond a reliable internet and a computer are required. Cyber attacks are not restricted to distance or geography and can’t be easily identified or prosecuted as a result of their anonymous nature. The number of attacks is estimated to grow as information attack is lucrative and very attractive. According to many cybersecurity experts, malware is the key choice o weaponry used to execute malicious intentions aimed at the breach of cybersecurity. Malware is loaded into the system without the knowledge of the owner because of compromising the system for an adversary’s benefit. Some prime examples of malware include; Trojan horses, spyware, and bot executables. Malware keeps evolving taking new forms as the emerging technologies mask themselves and avoid detection (Jaccard & Nepal, 2014).
Interchangeably the word cyber security can also be used to mean information security. These two terms concepts can be compared to each other despite there being a substantial overlap. Cyber security in its meaning not only relates to the protection of information but further of other assets such as individuals themselves (Jaccard & Nepal, 2014).). All the technologies and practices are deemed to keep the computer systems safe and data in an era where online usage has become a social norm. the Cyber Security and Infrastructure Security Agency (CISA) hold that cyber security ensures confidentiality, integrity, and information availability (Patterson, 2021).
Getting hacked goes beyond the threat of personal information or a company’s data as it ruins the relationship with clients creating legal jeopardy. Nowadays technological advancement has seen everything rely on technology ranging from self-driving cars to homes enabled with internet control systems and security systems. The demand for cyber security practitioners is high as almost all businesses today have an online presence as the need for protection of data and information is paramount. Organizations with valuable customer data, individuals’ personal information, and governments need to protect state secrets adopt a measure for cyber security to prevent the compromise of their databases. In 2017, 147.9 million people’s information through breached of credit was compromised (Patterson, 2021).
Malicious software known s malware is intrusive software developed by criminals or by the dark web to damage and destroy computers and computer systems according to CISCO. This malware exfiltrates large amounts of data examples being viruses, worms, trojan viruses, spyware, adware, and ransomware (Ursillo & Arnold, 2019). Phishing attacks communicate fraudulently masking themselves as reputable sources through emails or mobile phones. The aim is to obtain information such as financial information or the log-ins to different individual amenities such as bank logins (Patterson, 2021). Ransomware renders files and systems unusable through encryption followed by ransom in exchange for decryption.
Tunggal (2021) holds that cybercrime is profitable with the demand for information being on the high. With the advancement of technology and software development information theft is on a tremendous rise. Identity information mostly found on cloud services makes it easy for hackers. Energy grids and controls to industries are destroyed causing disruptions. Cyber-attacks also are aimed to control the integrity of organizations by either destroying or changing the data the easiest form of cyber-attacks is social engineering which is the easiest mode of entry. There is the practice of poor cyber security practices as ransomware, spyware, and phishing are among the easiest way of gaining entry.
Cyber threats may emerge from within an organization at any level. One might argue that training is not recommendable and is not wise to employees within an organization. All businesses are small industries, highly regulated industries with the perfect example of the health industries, or large organizations that are heavily affected by data breaches as there is heavy reliance on computer systems daily. This paired with poor cloud service security creates a vulnerability that was non-existent a few years ago (Tunggal, 2021).
Cybercrimes are getting government recognition globally with the GDPR as a good example. All organizations operating in the EU as a means of increasing reputational damage are forced to; “amply convey and communicate data breaches, anonymize data for privacy, appoint a data protection officer, and require consent to process information” (Tunggal, 2021). Public disclosure is not only limited to Europe. In all the 50 states in the U.S there are data breach laws with the commonalities being;” the requirement to notify the affected soonest possible, let the government know as soon as possible, and pay some sort of fine” (Tunggal, 2021).
(Tunggal, 2021) s of the view that cybercriminals are finding nowadays more sophisticated methods of obtaining information, as they have changed their targets, their effect on organizations, and the mode of attack they use for the different systems of security in place. The Ninth Annual Cost of Cybercrime Study from Accenture and the Ponemon Institute states that there has been an increase in the average cost of cybercrime in an organization by $1.4 million to $13.0 million within the last year and breaches in data rising by 11 percent to 145 averagely. This creates the need for the management of information risk.
Tunggal (2021) holds that information obtained from data breaches includes; financial information such as credit card numbers, details of bank accounts, protected health information (PHI), personal identifiable information, (PII), trade secrets, intellectual property, and other industrial espionage. The vast distribution of the nature of the internet, the difficulty in policing as cybercriminals attack outside targets of their jurisdiction, the profitable nature of the dark web, and the mobile gadgets proliferation and the Internet of Things are some factors fuelling the growth in cybercrime.
Damages to businesses damage businesses in a range of ways which include economic costs, reputational costs, and regulatory costs. Economic costs include intellectual property theft, theft of corporate information, trading disruptions, and damaged systems repairs. The reputation cost is where consumers lose trust in the organization which leads to loos of customers present and in the future, and poor media coverage. Regulatory costs are costs where organizations may be subjected to regulatory fines or sanctions resulting from cybercrimes. Staff must have the know-how of all the possible threats and the measures to take when they are faced with threats. Training the employees helps minimize the risk of data leaks or the risk of breaches. It is difficult however to detect and understand the direct and indirect costs of the security breaches. It does not necessarily mean that the reputational damage or a small breach in data is not large (Tunggal, 2021).
The governance of cybersecurity and the management program risk because of the organization’s size should be established. The cyber security risk is a risk that needs to be considered as a significant business risk in line with the other risk assessments in place an example being operational, compliance, financial, and reputational risk. Some frameworks are voluntary and are used to consider the assessment risk best-related practices. The National Institute of Standards and Technology NIST Cybersecurity Framework includes five functions which are continuous and concurrent;
Identify; come up with an understanding in the organization to handle cybersecurity risk to the systems, assets, people capabilities, and data.
Protect: Make safeguards appropriate for the insurance delivery of the critical services
Detect: Put in place activities for the identification of an event of cybersecurity.
Respond: set up activities for action taking regarding the detection of incidents of cybersecurity
Recover: Manage appropriate activities for the maintenance of resilience plans and the restoration of any capabilities or services impaired as a result of the incident cybersecurity.
Methodology
Introduction
Cybersecurity is defined as the type of process for protecting computer systems, mobiles, valuable data from attacks, and many other electronic devices (Iqbal et al., 2019). Cybersecurity is also called electronic or information security. Cybersecurity is applicable in many contexts, such as from business to mobile computing, and it can be divided into some categories. Network, application, information, and operational security are some categories. Cybersecurity has gained attention due to its ability to protect data against different types of threats. Information technology is developing at high speed, so there is an impact on the issues and threats to cybersecurity (King et al., 2018).
Cybersecurity is still struggling to address the detail of multidimensional cyberattacks gaining an advantage due to increased sophistication (Iqbal et al., 2019). The main problem with cybersecurity is global because it mainly depends upon technology and culture. The factors related to the different types of threats and issues will vary according to the specific extent. Cybersecurity faces many issues due to different types of attacks such as IoT, cloud, phishing, Ransomware, and many different types of attacks (Lykou,2018).
Cybersecurity is critical because it will protect different data types from threats or damage. Cybersecurity protects valuable data, personally identified information, intellectual property, governmental and industrial information systems. The usage of cybersecurity can help organizations and business from data breaches, identity theft and prevents different types of cyberattacks. Cybersecurity will prevent the systems and data from unauthorized access, unauthorized deletion of data, and unauthorized data modification.
Statement of the Problem
Protecting privacy and security and data in computer systems has always been the biggest challenge in recent days (Iqbal et al., 2019). Every organization and business is always trying to conduct the work effectively by achieving the organization’s goals or the business without any issues. The security issues that organizations are facing are increasing every day at a rapid speed. The technologies used by the attackers are increasing rapidly, so organizations should adopt new technologies to protect themselves from many challenges or issues.
Organizations should also find the cause of the cyber-attacks because it will help prevent them from happening again. The increase in online traffic has increased the total number of vulnerabilities (Loi et al., 2019).
The owners of organizations should make effective security plans by considering different attacks to prevent cyber-attacks from happening. Nowadays, most small and large organizations store their valuable data in the cloud.
Therefore, business owners need to make best practices and regulations surrounded by valuable data. The vulnerability that abounds for small and large-scale organizations in the present world has increased (MelwinSyafrizal et al., 2020). Understanding a hacker’s methodology will help mitigate the threats of having the data stolen. Staying ahead in the cybersecurity game will prevent the damage that results in data breaches.
Research Methodology
The qualitative research method aims at obtaining data through open-ended conversational communication. This method is not only about what people think but also about why they think so. It allows for in-depth and further probing questioning of the respondents based on their responses, with the interviewer and the researcher trying to understand the motivation of the participant has and their feelings ( ).
This model is designed that helps reveal the behaviors and the perceptions of the targeted audience regarding a particular topic. The different ways to conduct qualitative analysis include an in-depth focus on interviews, research, case study research usually used. The results of qualitative methods are more descriptive with the inferences easily drawn from the available data. In a world where it is difficult to understand what people think and the different perceptions, qualitative research methods made it easier to understand as it is more communicative and descriptive ( ).
Research Design
The selected qualitative methodology is applied effectively to make the research successful by fulfilling all the research aims and objectives and the research design.
Due to the increase of many advanced technologies in this modern world, many business organizations are adopting these technologies to improve their business operations and functions to the maximum extent. However, many cyber attackers or hackers are involved in causing cyber threats or cyber-attacks to affect business organizations by losing their sensitive information regarding their business and customers (Rantos et al., 2020). To know more about these cyber threats and issues, effective browsing has been done from the following information.
Many cybersecurity experts have concluded that some cyber threats make business organizations face more significant losses, mainly from cyber attackers. Malware is considered the most common cyber threat faced by the organization at which the attackers aim to cause malware mainly to compromise the particular system within the organization and gain complete control over the system without knowing the system owner. This malware has been classified majorly into the following types: Trojan horses, spyware, worms, viruses, and many more. The main reason for malware attacks is the lack of cybersecurity within organizations.
Due to the occurrence of cyber-attacks, the reputation of the business organization is reducing within the business organization. With this effect, the potential customers towards the specific business organization are reduced (Robles-Gómez2020). Also, the efficiency of the business organization is found to be decreased to a greater extent as many pieces of evidence prove that the business efficiency and the reputation of the organization are found to be decreased, and due to this, the more significant loss has to be faced by the entire business management (Rios et al., 2019).
Then the significance of adopting and following the legal mechanisms by every business organization is very beneficial to ensure the safety and the success of the business, especially while handling cybercrimes. Business organizations can maintain their business reputation to the expected level and improve their business efficiency to the greater level if they follow the legal mechanisms without failure, especially in handling cybercrimes within their organizations. Also, with this, it is possible to identify the specific number of attackers responsible for the cause of the attack, and also this helps to make the potential customers retain within the organization. Every business management needs to know the leading causes of cyber threats or attacks within the organizations.
Some of the most common causes that lead to cyber threats within the organization are if the specific organization does not identify the significance of enhancing effective cybersecurity if effective authentication is not ensured for the systems within the organization if the proper access controls were not maintained within the organization. Such having the potential knowledge regarding cybersecurity and the cyber threats for the business organization will be helpful to protect their business from the cause of the cyber-attacks or cyber threats.
Therefore, it is the primary responsibility of the business management to offer practical training for all the employees so that it will be possible to bring complete awareness regarding cybersecurity, cyber threats, attacks so that the employees can be able to detect when there is an occurrence of such situations within the business organization. Offering practical training to all the employees will be very advantageous to the organization in managing and preventing all cybercrimes, attacks, and threats to the maximum extent.
Also, the following are some of the adequate security measures that help ensure the business organization’s effective cybersecurity within their business by protecting all the business information safely from all security concerns. Some of these include setting adequate logging credentials for all the users to access the systems within the organization; effective authentication systems must be adopted, proper firewalls and other security software must be implemented within the organization. All the above aspects ensure the business organizations or the learners know more about the significance of cybersecurity, cyber threats, cyber-attacks that are essential to be known by them to achieve their business success to the possible extent.
The targeted population is the experts of corporations and organizations who have experienced the loss of data. The general public also will be questioned on their awareness of breaches of cyber security. Experts will be questioned on the cyber security measures, breaches, and measures adopted for the protection of data.
Data Collection Methods
A. Face to face interviews
Face-to-face surveys about how different people have been affected by cyber security breaches either directly or indirectly. The experts of cyber security breaches will be asked how they were affected and the extreme to which the breach affected them or their organizations. The experts will share what measures they took either in reporting or the legal action taken against the organizations to which they had entrusted their data. Questions on whether there was awarding of damages or compensation will be asked with the experts detailing how they handled the experience personally. Follow-up questions on the facial and behavioral cues that seem at odds with what the participants will explicitly say will also be introduced in the survey an example being of how they have never seen adverts cautioning against downloading content that pop-ups while using the internet. The pop-ups mostly mask themselves while in the real sense they are malware and viruses. Questions will be asked about whether or not while in high school there was an education about cyber security and the measures one adopts when there is a breach of cyber security.
The face-to-face surveys will be recorded to maintain the integrity of the interviews as human recollection cannot be trusted. The targeted members for the face-to-face survey were mostly the experts of Twitter Spear Phishing Attack 2020 and the Zoom credential hack. Members of the general public will also be questioned about the hacking of the voting systems in the US.
B. Telephone surveys
Due to the restrictions associated with the pandemic, some experts on the breach of cyber security prefer telephone calls to questionnaires or face-to-face-to-face surveys. Similar questions to face-to-face surveys will be asked. These interviews will be recorded with experts being the main target of telephone surveys.
C. Online surveys
Surveys through social media with open-ended questions will be tabled to participants in written format through emails with similar questions to face-to-face surveys as well telephone surveys. The participants will be required to respond to the questions in text in detail.
Limitations. Written questions will be issued to the participants in form of questionnaires.
The secondary analysis of data is analyzed in the research. In this data analysis process, the various processes include cleaning, modeling, and the transformation of the information to discover the important information for the decision making which relates to the research study. Only significant data will be extracted as well as make the decisions based on the analysis of the data.
Journals, articles, videos, websites, interviews, past research from the various sources available. As soon as the critical data is collected the processed information and record the detailed notes on the things that stuck out in the analysis, the tie or details of the date, and the highlights from the interaction. The data will be recorded as soon as possible to avoid misappropriations of the data as they are freshly recorded and accurately recorded.
Hand-written notes will be time-consuming as they need to be transcribed for digital study, protect the information in case of destruction, and physically filed or kept for reference. There might be a misinterpretation, especially with the online surveys that will not be corrected at the time. Some questions may not be properly answered as participants may argue that some research questions might be misleading eliciting answers not core to the subject of the research. Audios may be time-consuming too as they are likely to take a lot of time to transcribe. When starting the surveys, some surveys may be left incomplete as the interviewers may not be well equipped with training in carrying out the survey.
The social and technical elements of cybersecurity and cyberwarfare. At a tactical and technical level, cyber security is deemed relevant as well as strategic on the international level. The methods of deterrence, traditional in nature, and sovereignty are called into question when dealing with cyber security. Cybersecurity and cyberwarfare are comprised of many elements both technical and social requiring the multidisciplinary approach to fully comprehend it creating many challenges in the research field.
The lack of cybersecurity skills is a problem universally experienced. There is a shortage of just about 3 million positions. There is heavy competition from the various stakeholders for recruitment from the small number of cyber security professionals. It is hard to find a researcher in this field to the extent that some universities struggle to find and retain researchers and lecturers.
Discipline is inadequate among the researchers which contributes to the lack of awareness. In 2015, Raytheon and the National Cybersecurity Alliance published a study result showing that 67% of men and 77% of women in the US and 62% of men and 75% of women globally lacked any awareness in high schools or secondary schools on careers in cybersecurity (Florentine, 2015).
There is stereotype bias towards women in the field as women are discriminated against and more octenyl than not when carrying out research women’s ideas and opinions are undervalued by the employers.
. There is a lack of flexibility in the research hours and the long periods required to carry out the research is a primary obstacle.
Availability of data is a problem when conducting research. Governments and big corporations are unwilling to give out the information or give partial detail on successful cyber-attacks. Getting relevant and useful information more so for testing new algorithms is very difficult. Where the law requires that breaches be reported, accessibility of the said information is easy as public announcements are made often. There is no legal mandate for breach of information which is personal therefore not requiring the public to be notified of other cyber-attacks that are not affected by the data. There is even less data on cyberattacks against industrial systems posing as an obstacle in investigating these areas.
The cleanliness of data is problematic and the consistency of data. The categorization of data often differs in turn limiting the accuracy of data analyses according to vendor and computer security incident response team (CSIRT). Change in categorization by some vendors poses another challenge (Pretorius, 2016). There is heavy reliance on secrecy and deception when conducting research making it necessary for one to filter through erroneous reports. Data collection based on human perception is questionable and needs to be considered more example a person without the knowledge of a cyberattack affecting his or her organization giving the wrong information that he has never experienced a cyberattack (Van Niekerk, 2011).
Validity and Reliability of the Study.
As with any research project, the collection of data plays the biggest role and is incredibly important. Several aspects come into play in the process of collecting data. The cost, efficiency, and accuracy of the data collected are the factors that influence the reliability and validity of the research. Face-to-face and mobile surveys, as used in this research, remain the most popular data collection method.
Online surveys help reach vast numbers of people over a large geographical area. Online surveys are convenient more so in this pandemic times. The potential disadvantage it has compared to face-to-face surveys cannot be overlooked. Online surveys cannot be trusted in the manner of face-to-face surveys as the increase in error in the stimulation of each stimulus is more. Time is saved, there is flexibility in that the respondents can fill out the survey whenever they feel best which in turn increases the response rate. The incentive to lie is minimized as people tend to be honest as they feel that there is more anonymity. Most people especially those with unconventional views are more honest online as they are not affected either by the intonation of the interviewer or their personality.
Face-to-face interviews help with accurate screening as the interviewee mostly cannot provide false information or the interviewer can distinguish and clarify facts that are true and untrue. One can capture the verbal and non-verbal cues an example of body language when one becomes uncomfortable with a question asked. The interviewer has control over the interview and keeps the interviewer focused and on track. Technological distractions are avoided validating the information provided more. An interviewee’s emotions and behaviors are captured by the interviewer.
Like online surveys, phone surveys provide a high response rate. They are more so accessible, they provide anonymity which some participants prefer, they are prompt as data is managed easily and processed faster, good interviewers can bring out more thorough and substantial responses through telephone surveys. Telephone surveys are better for public opinion as data is collected through telephone interviews.
Cyberspace depends on data technologies to negotiate associations between several species across various transmission formats and prevails reliant on financing technology. These interchanges commonly arise without manual locality, and those helping to rely on cyber systems must prevail, eligible to expect the all-around human specialized networks that benefit cyberspace. A comprehensive conversation of cybersecurity agreement would stand expanded by comprising faith as a key-key significance to encourage direct agreement conversations.
Further, beneficial cyber systems must retain stability formulated into them. This paper asserts that trustworthy cyber systems are crucial aspects of resilient networks and accordingly prevail substance to cybersecurity agreement. The journal accentuates the significance of dependability for resilient cyber systems. The influence of relinquishing faith prevails to underpin the assertion that a resilient cyber system ought to formulate dependability. The journal shuts by illustrating a comprehensive pair of program significance from the distinction between confidence, trustworthiness, and solidity for helpful cybersecurity.
Trustworthiness stands for a theory that includes: intimacy, dependability, soundness, insurance, and protection. Competent of existing commissioned to achieve whatever significant provisions may prevail desired for a specific ingredient, subsystem, procedure, format, plea, exploration, company process, industry, or additional commodity. The level to which a data strategy can live is anticipated to protect the intimacy, quality, and availability of the data fabric distilled, stocked, or communicated by the procedure across a vast expanse of risks.
A reliable data procedure occurs in a speculated network to stand eligible for operating within defined categories of stake despite the environmental upheavals, mortal mistakes, structural downfalls, and calculated invasions that exist anticipated to transpire in its climate of policy. Computer hardware, software, and techniques: live relatively comfortably from intrusion and mishandling; furnish an acceptable category of availability, dependability, and appropriate procedure; rather conform to accomplishing their conscious tasks, and adhere to typically approved protection.
Competent prevailing expected to conform to whatever important provisions may occur desired for a particular element, subsystem, technique, configuration, request, journey, industry, or additional commodity. A trustworthy strategy occurs in a policy that satisfies specific withdrawal provisions in expansion to important additional provisions from a secrecy standpoint.
Cybersecurity prevails in the process of upholding computers, waiters, portable appliances, electronic techniques, formats, and data from hostile invasions. Information safety maintains the quality and intimacy of data, both in warehouses and in transit. Trustworthiness pertains to a communication strategy’s responsibility and proficiency in delivering durable and valid advice and contracts. We preferred the phrase trustworthy because it signifies innocence, proficiency, loyalty, and enthusiasm. We intend reliability to characterize data strategy faults.
Data circulated by the nation occurs both existing and established on immediate analysis if no one creator is recorded. In standard, print magazines with writers and listed references prevail because they furnish references that texts can substantiate. You can constantly learn data on any basis.
Ethical Considerations
In any business field of implying various applicable acts and decisions as part of the overall procedures made in the business, ethics need to be balanced in every activity executed. Ethical standards and management of each of these standards are more vital for business decisions and security management within the scope and need of the business activities. Considering ethics as a primary factor in the management of any business activity related to any business domain tends to be crucial as the resulting actions are always beneficial to the work culture of the organizational environment.
By following the ethical standards as part of the business, organizations usually make profits out of it and hence work to develop business more informative and efficient. In cybersecurity and business management, standards utilizing the work preferences need to be worked on such that it gives out a view on the satisfaction with the need to integrate the business activities. The ethical considerations that are made in the current research are, mainly in data collection, we are to choose people based on one vital factor such that the need and ethical management are satisfied.
The other scenarios where ethical considerations are implied are to use articles that priorly satisfy the requirement but are not based on any other factor. Having standards that are more general and likely to be preferred in the business are coherent, and hence business would always imply a decision based on which each of the scenarios is meant to be known and worked equally.
References
Bradshaw, S. (2015). Combating Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity. SSRN Electronic Journal. DOI: 10.2139/ssrn.2700899
CYBERSECURITY VULNERABILITY ANALYSIS VIA VIRTUALIZATION. (2017). Issues In Information Systems. DOI: 10.48009/4_iis_2017_91-98
Ham, J. (2021). Toward a Better Understanding of “Cybersecurity.” Digital Threats: Research And Practice, 2(3), 1-3. DOI: 10.1145/3442445
HOW FINANCIAL INSTITUTIONS ADDRESS CYBERSECURITY THREATS: A CRITICAL ANALYSIS. (2021). Issues In Information Systems. DOI: 10.48009/1_iis_2021_63-74
Hinde, S. (2001). Cyberthreats: Perceptions, Reality, and Protection. Computers & Security, 20(5), 364-371. DOI: 10.1016/s0167-4048(01)00503-x
Interorganizational Information Sharing: Collaboration during Cybersecurity Threats. (2021). Public Administration Quarterly, 105-122. DOI: 10.37808/paq.45.1.5
Iqbal, A., Gunn, L. J., Guo, M., Ali Babar, M., & Abbott, D. (2019). Game Theoretical Modelling of Network/Cybersecurity. IEEE Access, 7, 154167–154179. https://doi.org/10.1109/ACCESS.2019.2948356
Katzan, H. (2016). Contemporary Issues in Cybersecurity. Journal Of Cybersecurity Research (JCR), 1(1), 1-6. DOI: 10.19030/JCR.v1i1.9745
King, Z. M., Henshel, D. S., Flora, L., Cains, M. G., Hoffman, B., & Sample, C. (2018). Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment. Frontiers in Psychology, 9, 39–39. https://doi.org/10.3389/fpsyg.2018.00039
Loi, M., Christen, M., Kleine, N., & Weber, K. (2019). Cybersecurity in health – disentangling value tensions. Journal of Information, Communication & Ethics in Society (Online), 17(2), 229–245. https://doi.org/10.1108/JICES-12-2018-0095
Lykou, G., Anagnostopoulou, A., &Gritzalis, D. (2018). Smart Airport Cybersecurity: Threat Mitigation and Cyber Resilience Controls. Sensors (Basel, Switzerland), 19(1), 19–. https://doi.org/10.3390/s19010019
Mednikarov, B., Tsonev, Y., &Lazarov, A. (2020). Analysis of Cybersecurity Issues in the Maritime Industry. Information & Security: An International Journal, 47(1), 27-43. DOI: 10.11610/isij.4702
MelwinSyafrizal, Siti RahayuSelamat, & Nurul Azma Zakaria. (2020). Analysis of Cybersecurity Standard and Framework Components. International Journal of Communication Networks and Information Security, 12(3), 417–432.
Nieto, A., Acien, A., & Fernandez, G. (2019). Crowdsourcing Analysis in 5G IoT: Cybersecurity Threats and Mitigation. Mobile Networks and Applications, 24(3), 881–889. https://doi.org/10.1007/s11036-018-1146-4
Pranggono, B., &Arabo, A. (2021). COVID‐19 pandemic cybersecurity issues. Internet Technology Letters, 4(2). https://doi.org/10.1002/itl2.247
Rantos, K., Spyros, A., Papanikolaou, A., Kritsas, A., Ilioudis, C., &Katos, V. (2020). Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem. Computers (Basel), 9(1), 18–. https://doi.org/10.3390/computers9010018
Robles-Gómez, A., Tobarra, L., Pastor-Vargas, R., Hernández, R., & Cano, J. (2020). Emulating and Evaluating Virtual Remote Laboratories for Cybersecurity. Sensors (Basel, Switzerland), 20(11), 3011–. https://doi.org/10.3390/s20113011
Rios Insua, D., Couce-Vieira, A., Rubio, J. A., Pieters, W., Labunets, K., & G. Rasines, D. (2019). An Adversarial Risk Analysis Framework for Cybersecurity. Risk Analysis, 41(1), 16–36. https://doi.org/10.1111/risa.13331
Sarker, I. H., Kayes, A. S. M., Badsha, S., Alqahtani, H., Watters, P., & Ng, A. (2020). Cybersecurity data science: an overview from m machine learning perspective. Journal of Big Data, 7(1), 1–29. https://doi.org/10.1186/s40537-020-00318-5
Škiljić, A. (2020). Cybersecurity and remote working: Croatia’s (non-)response to increased cyber threats. International Cybersecurity Law Review, 1(1-2), 51-61. DOI: 10.1365/s43439-020-00014-3
Suo, D., Siegel, J. E., &Sarma, S. E. (2018). Merging safety and cybersecurity analysis in product design. IET Intelligent Transport Systems, 12(9), 1103–1109. https://doi.org/10.1049/iet-its.2018.5323
WHAT IS CYBERSECURITY AND WHAT CYBERSECURITY SKILLS ARE EMPLOYERS SEEKING?. (2019). Issues In Information Systems. DOI: 10.48009/2_iis_2019_62-72
Ulven, J. B., & Wangen, G. (2021). A Systematic Review of Cybersecurity Risks in Higher Education. Future Internet, 13(2), 39–. https://doi.org/10.3390/fi13020039
JUDSON UNIVERSITY INSTITUTIONAL REVIEW BOARD
RISK ASSESSMENT FOR RESEARCH INVOLVING HUMAN SUBJECTS
This protocol must be approved by the Judson University Institutional Review Board before data are collected. Please refer to the Judson University IRB Procedures and Policies manual available at
www.judsonu.edu/irb
.
__________________________________________________________________________________________
Name: Prem chander Boinapally
Date: 03/11/2022
__________________________________________________________________________________________
Program or Department: Adult and Continuing Education and Teaching
Supervising Professor: Dr.Olabisi Adenekan
__________________________________________________________________________________________
Title of Proposed Research: Cyber Security
Read the following Risk Level Assessment Form(next page) and mark all items in each risk category that apply to your research. Record the totals from each category below:
No risk: __2________ Minimum risk: __4_________
Moderate risk: __6________ High risk: __2_________
Be sure your IRB Application thoroughly describes the following:
If your research involves vulnerable populations, include the following in the IRB application.
1. If your subjects are MINORS: Describe how you will obtain each child’s verbal or written assent as well as written consent from the child’s legal guardian. Note: At ANY level of risk, informed consent must be obtained from both the parent or guardian AND the minor before data is collected. If consent is given by the minor, but not by the parent or guardian, data should not be collected. Describe the means to be taken to reduce risks and to safeguard the subjects. Describe why alternative, less risky methods of research would not be possible.
2. If your subjects are VULNERABLE TO “UNDUE INFLUENCE”: For example, anyone over whom you have authority or anyone in your care is vulnerable to your influence (students, clients, parishioners, employees, etc.). Describe how the subject’s right to decline participation without negative consequences will be preserved. Describe the means to be taken to reduce risks and to safeguard the subjects. Describe why alternative, less risky methods of research would not be possible.
3. Other “VULNERABLE POPULATIONS”: For example, those who are institutionalized or are unable to make their own decisions are vulnerable. Describe the vulnerability of the subjects and how the risk caused will be minimized. Describe actions to be taken to reduce risks and safeguard the subjects. Describe why alternative, less risky methods of research would not be possible.
If the Principal Investigator is a student:
Signature of supervising professor:
Date: 03/11/2022
RISK LEVEL ASSESSMENT FORM
This checklist is provided to help researchers, reviewers, and the IRB to consider thoroughly the research proposal in light of the potential risk to human subjects and does not in itself determine the decision or recommendations of the IRB. It is not the intent of the IRB to use this risk level assessment tool to comment on the merits, quality, or design of the research beyond the potential risks to human subjects.
Based on your research purpose, population, and methods, check all items in each category that apply to your research, and indicate the totals on p. 1. It is not uncommon for items to be checked in multiple categories, and it may take only one risk factor to place the entire research project in a particular category. You may be able to justify the value of a research project being at a particular risk level, or you might describe procedures that reduce the potential impact of an acknowledged risk factor in your IRB application.
NO RISK LEVEL CRITERIA:
____ People will be observed randomly in a public place where there is no personal identification of subjects.
____ Subjects are not aware of the observation and do not have direct contact with the researcher.
__X__ Only public information will be utilized, such as phonebooks, directories, or other widely published lists.
____ Data are collected without any identifying information. There is no possible or imaginable way to trace responses back to subjects.
__X__ Data will be used collectively in a statistical manner, and no one individual’s response can or will be tracked.
__2__ TOTAL for NO RISK
MINIMAL RISK LEVEL CRITERIA:
__X__ Subjects are interviewed or otherwise contacted to solicit participation.
__X__ Inquiries are made regarding to basic identifying information such as age, gender, ethnicity, etc.
__X_ Subjects are asked to answer general questions regarding non-personal information.
__X__ Subjects are asked to give opinions or attitudes toward commonplace matters such as general trends or other benign topics.
____ The research will not in any way influence or affect the subject socially, psychologically, or spiritually.
____ The collection of required information will not take more than 4-5 minutes of the subject’s time.
__4___ TOTAL for MINIMAL RISK
MODERATE RISK LEVEL CRITERIA:
__X__ The subject is asked to reveal personal information regarding individual opinions, background, behaviors, attitudes, or beliefs.
__X__ Subjects will be selected to participate based upon a particularly unique characteristic or group membership (similar position, training, background)
____ Subjects will be selected to participate based on an extraordinary life experience.
____ Topics or questions raised are politically, emotionally, culturally, spiritually, or psychologically sensitive.
__X_ Individual or group presentations, phone calls, or questionnaires will be used to solicit participation in the research.
__X__ The research objective is not revealed at the outset to the subject in a direct and straightforward manner, such as research that requires that the subject be naïve regarding the research in order to participate objectively.
__X__ Subjects are required to reflect on their own behavior, values, relationships, or self in such a way that one might be influenced or affected, and/or anxiety or concern might be raised about the subject matter of the research.
__X__ The subject may have regrets, concerns, afterthoughts, or reactions to the research method after data collection is completed.
___ The subject may become tired, weakened, or be mentally or physically affected as a result of the research method.
____ The research may inconvenience subjects by causing a delay or intrusion into their routine or schedule.
___ Involvement in the research will require more than 5 but less than 60 minutes of the subject’s time(outside of normal learning activities if the study is conducted in a classroom.)
__6__ TOTAL for MODERATE RISK
HIGH RISK LEVEL CRITERIA:
____ Subjects are asked or led to reveal highly personal information in areas such as close relationships, trauma, sexuality, or potentially immoral, unethical, or illegal acts.
____ The topic or research methodology will raise issues that are highly charged politically, emotionally, culturally, psychologically, socially, or spiritually.
____ The research will involve minors who do not have the authority and/or ability to give fully informed consent to participate.
____ The research will intentionally, or by design, involve persons who may be of legal age yet who are dependent on others due to a chronic or crisis health concern, developmental delays, advanced age, a language barrier, and/or incarceration, which may impair the subject’s ability to give fully informed consent.
____ Subjects will be selected to participate based upon a particular diagnosis, disorder, or physical or mental health concern.
____ The subject is likely to be affected emotionally, socially, or psychologically through the research over the short and/or long term, to the extent that debriefing or other reparative interventions are built into the research design (not solely for preventative purposes).
____ The research design calls for deception of the subject at any level.
____ The research involves physical manipulation, contact or touching either with the researcher or between subjects, physical exercise, and/or any medical procedure.
_x___ The research itself or the information obtained from the subjects may have immediate and/or long term political, legal, economic, and/or social consequences for the subjects.
____ Involvement in the research will require more than 60 minutes of the subject’s time(outside of normal learning activities if the study is conducted in a classroom.) or significantly influence the person’s routine and/or activities.
__1__ TOTAL for HIGH RISK
Informed Consent Form
I am conducting a study about Cyber Security. I invite you to participate in this research. You were selected as a participant because you were an expert on breach of cyber security in the Twitter Spear Phishing and the Zoom credential hack companies. Please read this form and ask any questions you may have before consenting to be in the study.
This study is being conducted by: researcher: Prem Chander Boinapally.
Background Information:
The purpose of this study is to bring awareness to how cyber infiltrators have developed many ways of hacking into systems. In this day and era, cyber security helps maintain order, and keep the internet safe for users. The current digital era has influenced change in the ways we buy things, bills get paid, watch movies, how people pay mortgages, and rent houses just to mention but a few. Incidents of security breaches are widely reported as well as fraud, malicious cyber-attacks, fraud, hacking, and cyber-bullying making it necessary for the need of cyber security.
Procedures:
If experts participate in this study, I will ask you to do the following things. Provide relevant information and assessment for answers provided in the questionnaires or provide relevant answers when called or when an interviewer conducts the survey face to face. Information provided will remain confidential. You may ask questions of the researcher at any point in the study. One will need to sign a consent form before the survey.
Risks and Benefits of Being in the Study:
The study has several risks. First, the experts may get traumatized and emotional. Second, a big corporation may fire their employees for giving out information about breaches in their system not made public. Third, threats may be issued by corporations who feel the need to bury this kind of information.
There is no minimal risk of emotional discomfort if you choose to participate in this study and be recorded. If needed for support, resources can be reached at
prem.boinapally@student.judsonu.edu
.
There are no immediate benefits to you for participating in this study.
The direct benefits of your participation are: awareness will be raised to help fight cyber security breaches. The consumer will gain awareness and be protected from cybercriminals. Consumers will get a better know-how of why and how these breaches occur. Businesses and organizations will know what measures to adopt to reduce cyber-attacks.
Confidentiality:
In any publications of the results, pseudonyms will be used in place of names of participants or locations. The records of this study will be kept private. In any sort of report I publish, I will not include information that will make it possible to identify you in any way. Research records will be kept secured; my Judson University research advisor and I are the only people who will have access to the records as well as video and audio recordings.
Video Recordings
Video recordings for data analysis and portions of recordings may be presented in a professional context. Although real names will not be used in presentations of the research, and responses will be treated with confidentiality to anyone outside of the project research staff, participants might be identifiable to people who recognize them in video recorded artifacts. Recordings will be kept until the completion of the degree and destroyed immediately thereafter. Please sign below if you are willing to have your image recorded. You may still participate in this study if you are not willing to have your image recorded. If you are not willing to be video recorded, the camera will be situated in the classroom at an angle that will avoid capturing your image. Any unintentional video recording(s) of you will be edited to blur their image, causing them to be unrecognizable to viewers.
___________________________ ______________
Signature Date
· Audio Recordings
Interviews may be audio recorded for data analysis, and portions of recordings may be presented in a professional context. Although real names will not be used in presentations of the research, and responses will be treated with confidentiality to anyone outside of the project research staff, participants might be identifiable to people who recognize them in audio-recorded artifacts. Recordings will be kept until the completion of the degree and destroyed immediately thereafter. Please sign below if you are willing to have the interview(s) audio recorded. You may still participate in this study if you are not willing to have the interview(s) audio recorded.
__________________________ ___________
Signature Date
Voluntary Nature of the Study:
Your participation in this study is entirely voluntary. Your decision whether or not to participate will not affect your current or future relations with your employer or Judson University. If you decide to participate, you are free to withdraw from the study at any time without penalty. Should you decide to withdraw from the study, data collected about you, or your students will only be used up to the point of your withdrawal.
Contacts and Questions
My name is Prem Chander Boinapally. You may ask any questions you have now and at any point through the research process. If you have questions, you may contact me at prem.boinapally@student.judsonu.edu. You can also contact my advisor Dr. Olabisi Adenekan email which is olabisi.adenekan@judsonu.edu
You will be given a copy of this form to keep for your records.
Statement of Consent:
I have read the above information. My questions have been answered to my satisfaction. I give consent to participate in the study.
___________________________ ________________
Printed Name of Participant Date
___________________________ ________________
Signature of Study Participant Date
___________________________ ________________
Signature of Researcher Date
PrincipalInvestigator:
Prem Chander Boinapally
Study:
Adult and Continuing Education and Teaching
APPLICATION FOR APPROVAL OF RESEARCH
Institutional Review Board
Principal Investigator
1
. Principal Investigator:
|
a. Full name: |
Prem Chander Boinapally |
|||
|
b. University department, program, and position: |
Education/Student |
|||
|
c. Email address: |
Prem.boinapally@student.judsonu.edu |
|||
|
d. Phone number: |
510-556-7011 |
b. Co-Principal Investigator (if applicable):
c. The person completing this application (if not PI):
|
b. Email address: |
|
|
c. Phone number: |
d. If the PI is a student, the supervising professor or academic advisor:
|
Dr. Olabisi Adenekan |
|
olabisi.adenekan@judsonu.edu |
e. Has this study been approved by a committee?
|
f. |
Yes |
|
X |
No |
5. Submission Category (please check one):
|
Exempt – no human subjects involved |
|
Expedite – minimal risk to human subjects |
|
Full Review – moderate to high risk to human subjects |
6. Publication Audience:
|
Internal – research intended for teaching purposes only within courses at Judson University. |
|
Public – research may be published outside of Judson University. |
Research Study Identification and Overview
1. Title of study:
|
Cyber Security |
2
. Full description of the research, its objectives, methods, and what subjects will be asked to do.
|
Our dependency on the internet has become immense. It is wrong to assume one’s safety in the sense that only big organizations are more susceptible to hackers. A normal consumer connected to the internet if not vigilant enough is at the risk of getting trapped easily. Cyber infiltrators have developed many ways of hacking into systems. In this day and era, cyber security helps maintain order, and keep the internet safe for users. The current digital era has influenced change in the ways we buy things, bills get paid, watch movies, how people pay mortgages, and rent houses just to mention but a few. Incidents of security breaches are widely reported as well as fraud, malicious cyber-attacks, fraud, hacking, cyber-bullying making it necessary for the need of cyber security. This research will use the qualitative research method. Data will be collected and analyzed. Non-numerical data will be used to help gather deeper insights into the problem to help generate new ideas. The intention is to investigate cyber security and find out possible measures put in place to be secure against threats, investigate the measures organization put in place and adopt for safety, and to find out what measures individuals and organizations should take to protect themselves. Subjects will be chosen based on the research need rather than convenience. Participants will be selected based on searches on the web through posting on social media of the survey targeted towards experts of cyber-attacks. Blogs and posts aimed will be at experts of cyber attacks and they will be published inviting them for the survey. Experts for the survey will qualify on merit that they received malicious malware either through a trojan or an executable file acting on the machine or the network. The method by which the attacker sent the malware will also be considered either by e-mail, as an attachment, or as a link that will download the payload. Another factor will be to consider what exploitation the expert faced and where the attacker needs the aim of the expert. Further, we will be questioning whether the expert’s installation of the malware was successful and if they did execute it automatically and whether the attacker achieved his objectives where there was a loss of data from the database through the webserver. Experts will have had to have had a working experience of five or more years in the cyber security field of study. The data company experts will be most preferred as they have daily exposure to the subject matter at hand. Focus group participants: Focus group meetings will be held especially for face-to-face surveys. The focus will provide helpful insights into the research as there are multiple interactions, not only between the interviewee and participants but among the participants themselves. Two rounds of focus group meetings will be conducted with different groups. Data from network administrators are also reported. During the first focus group meeting, participants will know the different ways hackers get access to their networks and the different types of malware. For the second focus group, we will give data analysis of the first group and try to reach a consensus on the most important deviations of the security rules. The focus that will be conducted over the phone will consist of 5-7 members and last about one and a half hours. The focus groups will be audiotaped and the audiotapes transcribed into anonymized text files. Analysis: The analysis of qualitative data is an iterative process. The coding of data comes first to determine major categories fit into different categories. interpreting qualitative data is highly subjective and procedures have to be developed to establish inter reliability. Two coders will be used to code the data. They will agree on different categories and reach a consensus on how the data will be fitted into the main categories. After consensus, their solutions, and the data on which they will base, will be presented to another researcher. Based on the feedback of the other researcher changes will be made to how the data fit into the main categories. The same process will continue and only after the three researchers came to a consensus about the right interpretation of the qualitative data, the solutions will be accepted. Participation requirement: Subjects will be asked to provide honest information for the survey. Participants will answer questions and provide insight on different questions asked. All participants will converse in English and will sign consent forms before the start of the survey. Group Component: groups will have 6-7 members brought together by a common characteristic. Meeting Preparation: Participants will be notified through emails of relevant information about meetings especially. The participants will meet in any available community spaces conducive to such gatherings. Meeting rooms, churches, classrooms, public libraries are good meeting places. Working logistics: each focus group member will determine accordingly to responses from the survey logistics. After meeting for one and a half hours, for two meetings, each group will be discontinued. Focus Group Meetings: A sign sheet will be provided for each meeting day to allow for the documentation of participants present. Name tags will be given for easy identification. Relevant information will be communicated while making sure that the participants agree with the confidentiality agreement. The researcher will be the moderator and will take notes during the meeting. Different meetings will have different agendas. |
3. Dates for conducting the study:
|
This study will take place between July and December 2022. General logistics; survey distribution, identifying participants will take place between August and September 2022. Focus group meetings will be done between October and November 2022. Transcription and coding will be done between October and December 2022. |
4. Site(s) of study:
|
The data to be collected will be collected from the following geographical areas: · Washington D.C area location. · Colorado Springs area location. |
5. Description of the population/subjects participating in the research study, recruitment of the subjects, and the criteria for inclusion as a participant of the study.
|
The participants for this study will be adults of 21 years and above and categorized as experts. The involvement selection process will be based on the availability and willingness of the participants. A follow-up survey will be conducted to people available and willing to participate in the research. Participants for this research study will be drawn from the mentioned geographical place above. Washington D.C will get higher popularity than Colorado Springs. Participants will be of mixed ages and gender. Participants who are experts will take precedence as they provide insights of value to the research topic. For easier communication, participants will be able to converse in English. Participants will be 5-7 participants who will be categorized by the geographical region they are in. |
6. Identification of special subjects/ populations, if any, such as children and minors, pregnant women, cognitively-impaired persons, prisoners, traumatized and comatose patients, terminally ill persons, elderly, minorities.
|
The research will be open to all adults except adults with mental disabilities. Adults with physical disabilities are eligible for the research. Most people with this disability are restricted in carrying out an activity such as self-care, mobility, or communication which presents an obstacle for the research. A test will be administered to filter out people with short attention spans, poor reading writing, and communication ability, disorganization, and other sensory difficulties, eye-hand coordination problems and poor coordination overall, difficulty with sequencing, and lastly poor memory. |
7. Full description of provisions to care for subjects where there is the risk of physical or emotional research-related harm.
|
When interviewing the experts, I’ll make sure they are in a safe space physically and psychologically to talk about how cyber security breaches affected them. |
8. Description of confidentiality provisions and measures to protect the identity and privacy of subjects.
|
Any information given by participants is confidential and he or they won’t be exposed. Both during and after research anonymity will be paramount and will be guaranteed. Hard copies and electronic ways will be used to store data. The audios will be transcribed by the researcher and the hard copies locked away in the cabinet. Only the research team will have access. |
9. Description of obtaining consent from subjects and, if the subjects are minors, obtaining consent from the child’s legal guardian.
|
Any participating adult will be asked to sign a consent form before the commencement of a survey. |
10. Risk Assessment scores (taken from the Risk Assessment form).
|
No-Risk: 2 Minimum Risk: 4 Moderate Risk: 6 High Risk: 2 |
As principal investigator, I assure you that the information provided is correct, that I will seek Judson University IRB approval for any substantive modifications in the research study, and that I will report to the IRB Chair promptly any incidents or anticipated problems that may occur during the study that may affect subjects adversely or change the risks and benefits described.
Signature of principal investigator: Prem Chander
Date of signature: 03/09/2022
If the PI is a student:
Signature of supervising professor:
Date of signature: March 11, 2022
This study has been approved by Judson University’s Institutional Review Board.
Signature of IRB Chair ___________________________________
Date of signature ______________________________
1
2
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more